Add token revocation endpoint

2025-10-06 22:09:29 +03:00
parent e92b93f68f
commit b94392aaf2
2 changed files with 19 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Sistema bus kuriama naudojant modernias technologijas, o diegimas bus supaprasti

 **Registruoti naudotojai**
 1. Gali prisijungti prie sistemos.
-2. ~~Gali atsijungti nuo sistemos.~~
+2. Gali atsijungti nuo sistemos.
 3. Gali įkelti naujus paveikslus.
 4. Gali redaguoti savo įkeltų paveikslų metaduomenis (žymas, aprašą).
 5. Gali ištrinti savo įkeltus paveikslus.
--- a/T120B165-ImgBoard/Controllers/AuthController.cs
+++ b/T120B165-ImgBoard/Controllers/AuthController.cs
@@ -79,4 +79,22 @@ public class AuthController(UserManager<User> userManager, ITokenService tokenSe
        var newRefreshToken = await tokenService.GenerateRefreshToken(user);
        return Ok(new TokenDto(AccessToken: accessToken, RefreshToken: newRefreshToken));
    }
+    
+    /// <summary>
+    /// Revokes the refresh token.
+    /// </summary>
+    /// <param name="dto">Data with refresh token</param>
+    /// <response code="204">If token was revoked successfully</response>
+    /// <response code="401">If refresh token is missing or is expired</response>
+    [HttpPost("revoke")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    public async Task<ActionResult<TokenDto>> Revoke(RefreshDto dto)
+    {
+        var token =  await tokenService.GetRefreshTokenByValue(dto.RefreshToken);
+        if (token == null) return Unauthorized();
+        
+        await tokenService.InvalidateRefreshToken(token);
+        return NoContent();
+    }
 }